Request a Working Session

About Fulcrum Shifts

Fulcrum Shifts is a boutique advisory led by Jon Lilly. The firm exists to help organizations make targeted shifts in cyber risk, third-party risk, compliance, and reporting that create outsized operational value.

A Fulcrum Shift for Your Business

A fulcrum does not remove the weight. It changes where leverage is applied.

Fulcrum Shifts is built on the same idea: small, deliberate changes in workflow, control design, reporting, and operating model can create disproportionate business impact when they are aimed at the right problem.

Organizations rarely need more complexity. They need better alignment between risk, operations, compliance, and leadership priorities.

Fulcrum Shifts focuses on identifying the pressure points that create measurable movement, whether that means improving assessment workflows, simplifying governance processes, strengthening third-party oversight, modernizing reporting, or using AI to reduce operational drag.

What Makes the Approach Different

Business-First, Not Control-Catalog-First

The goal is not to create more controls for the sake of compliance. The goal is to improve operational outcomes, reduce friction, and support business trust while maintaining defensible risk practices.

Operator-Led, Not Presentation-Led​

Recommendations are grounded in real operating experience across regulated environments, not generic frameworks or slideware. The focus stays on what teams can realistically implement and sustain.

AI-Enabled, Still Human-Accountable

AI can improve speed, consistency, and visibility across risk and compliance functions. Fulcrum Shifts applies AI where it creates operational value while keeping governance, judgment, and accountability firmly human-led.

Focused on Usable Outputs

Organizations do not need more administrative drag. They need dashboards leadership can use, reporting that supports decisions, workflows teams will adopt, and governance structures that scale with the business.

About Jon Lilly

Founder, Fulcrum Shifts

Jon Lilly is a business-first cybersecurity and risk leader with 25 years of experience across highly regulated environments, including pharma, financial services, hospitality, and critical infrastructure. His work has spanned digital risk, GRC, third-party risk, IT/OT assessment, control design, compliance, and executive reporting.

Recent work has included:

  • applying AI solutions to digital risk management processes,
  • supporting a portfolio of 500+ digital risks in a global biotech environment,
  • designing dashboards and KRIs,
  • strengthening IT/OT GRC operations in pharma,
  • leading large-scale third-party and system risk assessment programs, and
  • developing control baselines and ServiceNow-driven reporting models.
signature
Jon Lilly

Founder and CEO

Jon Lilly, profile photo

Advisory & Leadership Engagements

Fulcrum Shifts supports select project, advisory, and build-stage leadership engagements.

For organizations navigating transformation, scaling governance operations, or modernizing risk programs, support can range from focused advisory work to embedded leadership collaboration.

Learn More
Industries we Serve

Best-Fit Organizations & Environments

Fulcrum Shifts works best with organizations that need practical, business-aligned risk and compliance support without unnecessary complexity.

Typical Environments Include

  • Regulated mid-market organizations
  • Biopharma and life sciences
  • Critical infrastructure environments
  • Financial services organizations
  • Growth-stage companies preparing for compliance readiness
  • Organizations strengthening partner trust and governance maturity

Common Engagement Scenarios

  • Building or modernizing GRC operations
  • Improving third-party risk programs
  • Designing executive reporting and KRIs
  • Supporting audit and compliance readiness
  • Operationalizing AI within governance processes
  • Stabilizing fragmented assessment or reporting workflows